Ethical Control: Ethics and Privacy in a Target-Rich Environment
Kevin Johnson and James Jardine
Derbycon 2014

Companies can’t seem to secure their stuff, do you think you can do better? Security has become a huge conversation, especially when you consider privacy as part of it. In this presentation, Kevin Johnson and James Jardine of Secure Ideas will explore the topics of ethics and how they play in a security mindset. We will explore topics such as bug bounties, when its ok to test an application without permission and licensing of penetration testers and security researchers.
For example, we have seen advancement in bug bounty programs, and the ability to crowd source security testing for companies. Are we going down a slippery slope when it comes to security “”research?”” What does research really mean and what should be considered legal or illegal? Should we be able to security test any site we want? This presentation will provide some views on how the definition of “”researcher”” is starting to morph more towards the negative. It will cover some of the events we have seen and try to provoke thought on whether or not it crosses that legal line. Researcher is becoming the new “”hacker”